From: Chris Hofstaedtler <chris.hofstaedtler@deduktiva.com>
Date: Tue, 2 Jun 2020 08:57:42 +0000 (+0200)
Subject: API: Allow rectifying Slave zones
X-Git-Tag: dnsdist-1.5.0-rc3~15^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a6185e053e6118de34acfc0fd4bae3c5ac4c3404;p=thirdparty%2Fpdns.git

API: Allow rectifying Slave zones

Fixes #9066.
---

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index de5fa00840..0f6eed87f4 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -1863,9 +1863,6 @@ static void apiServerZoneRectify(HttpRequest* req, HttpResponse* resp) {
   if (!dk.isSecuredZone(zonename))
     throw ApiException("Zone '" + zonename.toString() + "' is not DNSSEC signed, not rectifying.");
 
-  if (di.kind == DomainInfo::Slave)
-    throw ApiException("Zone '" + zonename.toString() + "' is a slave zone, not rectifying.");
-
   string error_msg = "";
   string info;
   if (!dk.rectifyZone(zonename, error_msg, info, true))
diff --git a/regression-tests.api/test_Zones.py b/regression-tests.api/test_Zones.py
index ca372f124a..f95ede6e7b 100644
--- a/regression-tests.api/test_Zones.py
+++ b/regression-tests.api/test_Zones.py
@@ -1916,6 +1916,32 @@ $ORIGIN %NAME%
         dbrecs = get_db_records(name, 'AAAA')
         self.assertIsNone(dbrecs[0]['ordername'])
 
+    def test_explicit_rectify_success(self):
+        name, _, data = self.create_zone = self.create_zone(api_rectify=False, dnssec=True, nsec3param='1 0 1 ab')
+        dbrecs = get_db_records(name, 'SOA')
+        self.assertIsNone(dbrecs[0]['ordername'])
+        r = self.session.put(self.url("/api/v1/servers/localhost/zones/" + data['id'] + "/rectify"))
+        self.assertEquals(r.status_code, 200)
+        dbrecs = get_db_records(name, 'SOA')
+        self.assertIsNotNone(dbrecs[0]['ordername'])
+
+    def test_explicit_rectify_no_dnssec(self):
+        _, _, data = self.create_zone = self.create_zone(api_rectify=False, dnssec=False)
+        r = self.session.put(self.url("/api/v1/servers/localhost/zones/" + data['id'] + "/rectify"))
+        self.assertEquals(r.status_code, 422)
+
+    def test_explicit_rectify_slave(self):
+        # Some users want to move a zone to kind=Slave and then rectify, without a re-transfer.
+        name, _, data = self.create_zone = self.create_zone(api_rectify=False, dnssec=True, nsec3param='1 0 1 ab')
+        r = self.session.put(self.url("/api/v1/servers/localhost/zones/" + data['id']),
+            data=json.dumps({'kind': 'Slave'}),
+            headers={'content-type': 'application/json'})
+        self.assertEquals(r.status_code, 204)
+        r = self.session.put(self.url("/api/v1/servers/localhost/zones/" + data['id'] + "/rectify"))
+        self.assertEquals(r.status_code, 200)
+        dbrecs = get_db_records(name, 'SOA')
+        self.assertIsNotNone(dbrecs[0]['ordername'])
+
     def test_cname_at_ent_place(self):
         name, payload, zone = self.create_zone(dnssec=True, api_rectify=True)
         rrset = {